Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

Kaushal Shriyan-2
Hi,

I have run the below tests

./testssl.sh gsmasslciphers.digitalapicraft.com
###########################################################
    testssl.sh       3.1dev from https://testssl.sh/dev/
    (e0c83b2 2020-02-24 14:21:28 -- )
      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
       Please file bugs @ https://testssl.sh/bugs/
###########################################################
 Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
 on Kaushals-MacBook-Pro:./bin/openssl.Darwin.x86_64
 (built: "Feb 22 09:55:43 2019", platform: "darwin64-x86_64-cc")

 Start 2020-03-10 21:50:25        -->> 13.234.216.57:443 (gsmasslciphers.digitalapicraft.com) <<--
 rDNS (13.234.216.57):   --
 Service detected:       HTTP

 Testing protocols via sockets except NPN+ALPN
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    not offered and downgraded to a weaker protocol
 NPN/SPDY   h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1 (offered)
 Testing cipher categories
 NULL ciphers (no encryption)                  not offered (OK)
 Anonymous NULL Ciphers (no authentication)    not offered (OK)
 Export ciphers (w/o ADH+NULL)                 not offered (OK)
 LOW: 64 Bit + DES, RC[2,4] (w/o export)       not offered (OK)
 Triple DES Ciphers / IDEA                     not offered
 Obsolete: SEED + 128+256 Bit CBC cipher       not offered
 Strong encryption (AEAD ciphers)              offered (OK)

 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
 PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
 Elliptic curves offered:     secp256k1 prime256v1 secp384r1 secp521r1

 Testing server preferences
 Has server cipher order?     no (NOT ok)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (P-521) -- inconclusive test, matching cipher in list missing, better see below
 Negotiated cipher per proto  (matching cipher in list missing)
     ECDHE-RSA-AES256-GCM-SHA384:   TLSv1.2
 No further cipher order check has been done as order is determined by the client

 Testing server defaults (Server Hello)
 TLS extensions (standard)    "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next protocol/#13172" "application layer protocol negotiation/#16"
 Session Ticket RFC 5077 hint 86400 seconds, session tickets keys seems to be rotated < daily
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: yes
 TLS clock skew               Random values, no fingerprinting possible
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial / Fingerprints        03C871BF68E569B4330E4AFCFA7752AAB5D7 / SHA1 8874D965CB96F4A4B8B4CCAE149B6F1999399BF8
                              SHA256 BB56659442E2ED18778F7BB210823F3A81DA88F3AF79D0EE2104CE82DBB03C65
 Common Name (CN)             gsmasslciphers.digitalapicraft.com
 subjectAltName (SAN)         gsmasslciphers.digitalapicraft.com
 Issuer                       Let's Encrypt Authority X3 (Let's Encrypt from US)
 Trust (hostname)             Ok via SAN (same w/o SNI)
 Chain of trust               Ok
 EV cert (experimental)       no
 ETS/"eTLS", visibility info  not present
 Certificate Validity (UTC)   89 >= 30 days (2020-03-10 09:40 --> 2020-06-08 09:40)
 # of certificates provided   2
 Certificate Revocation List  --
 OCSP URI                     http://ocsp.int-x3.letsencrypt.org
 OCSP stapling                not offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    not offered
 Certificate Transparency     yes (certificate extension)

 Testing HTTP header response @ "/"
 HTTP Status Code             200 OK
 HTTP clock skew              0 sec from localtime
 Strict Transport Security    730 days=63072000 s, just this domain
 Public Key Pinning           --
 Server banner                nginx/1.16.1
 Application banner           --
 Cookie(s)                    (none issued at "/")
 Security headers             --
 Reverse Proxy banner         --

 Testing vulnerabilities
 Heartbleed (CVE-2014-0160)                not vulnerable (OK), timed out
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (RFC 5746)           supported (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK), no SSLv3 support
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), no protocol below TLS 1.2 offered
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=BB56659442E2ED18778F7BB210823F3A81DA88F3AF79D0EE2104CE82DBB03C65 could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)

 Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength
Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 521   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 521   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 Running client simulations (HTTP) via sockets
 Android 4.4.2                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 521 bit ECDH (P-521)
 Android 5.0.0                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
 Android 6.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 7.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 8.1 (native)         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 9.0 (native)         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 10.0 (native)        TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 74 (Win 10)           TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 79 (Win 10)           TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 66 (Win 8.1/10)      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 71 (Win 10)          TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 6 XP                      No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 17 (Win 10)             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Opera 66 (Win 10)            TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 9 iOS 9               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 12.1 (iOS 12.2)       TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 13.0 (macOS 10.14.6)  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Apple ATS 9 iOS 9            TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8u161                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 11.0.2 (OpenJDK)        TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 12.0.1 (OpenJDK)        TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.1.0l (Debian)      TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.1.1d (Debian)      TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Thunderbird (68.3)           TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Done 2020-03-10 21:52:13 [0130s] -->> 13.234.216.57:443 (gsmasslciphers.digitalapicraft.com) <<--


I am not sure about the below explanation as seen in the above output. 

Testing server preferences
 Has server cipher order?     no (NOT ok)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (P-521) -- inconclusive test, matching cipher in list missing, better see below
 Negotiated cipher per proto  (matching cipher in list missing)
     ECDHE-RSA-AES256-GCM-SHA384:   TLSv1.2
 No further cipher order check has been done as order is determined by the client

I will appreciate if someone can help me understand it. Does it mean there is some issue? Thanks in advance and I look forward to hearing from you.

Best Regards,

Kaushal 
 
Reply | Threaded
Open this post in threaded view
|

Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

Kaushal Shriyan-2
On Tue, Mar 10, 2020 at 9:56 PM Kaushal Shriyan <[hidden email]> wrote:
Hi,

I have run the below tests

./testssl.sh gsmasslciphers.digitalapicraft.com
###########################################################
    testssl.sh       3.1dev from https://testssl.sh/dev/
    (e0c83b2 2020-02-24 14:21:28 -- )
      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
       Please file bugs @ https://testssl.sh/bugs/
###########################################################
 Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
 on Kaushals-MacBook-Pro:./bin/openssl.Darwin.x86_64
 (built: "Feb 22 09:55:43 2019", platform: "darwin64-x86_64-cc")

 Start 2020-03-10 21:50:25        -->> 13.234.216.57:443 (gsmasslciphers.digitalapicraft.com) <<--
 rDNS (13.234.216.57):   --
 Service detected:       HTTP

 Testing protocols via sockets except NPN+ALPN
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    not offered and downgraded to a weaker protocol
 NPN/SPDY   h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1 (offered)
 Testing cipher categories
 NULL ciphers (no encryption)                  not offered (OK)
 Anonymous NULL Ciphers (no authentication)    not offered (OK)
 Export ciphers (w/o ADH+NULL)                 not offered (OK)
 LOW: 64 Bit + DES, RC[2,4] (w/o export)       not offered (OK)
 Triple DES Ciphers / IDEA                     not offered
 Obsolete: SEED + 128+256 Bit CBC cipher       not offered
 Strong encryption (AEAD ciphers)              offered (OK)

 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
 PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
 Elliptic curves offered:     secp256k1 prime256v1 secp384r1 secp521r1

 Testing server preferences
 Has server cipher order?     no (NOT ok)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (P-521) -- inconclusive test, matching cipher in list missing, better see below
 Negotiated cipher per proto  (matching cipher in list missing)
     ECDHE-RSA-AES256-GCM-SHA384:   TLSv1.2
 No further cipher order check has been done as order is determined by the client

 Testing server defaults (Server Hello)
 TLS extensions (standard)    "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next protocol/#13172" "application layer protocol negotiation/#16"
 Session Ticket RFC 5077 hint 86400 seconds, session tickets keys seems to be rotated < daily
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: yes
 TLS clock skew               Random values, no fingerprinting possible
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial / Fingerprints        03C871BF68E569B4330E4AFCFA7752AAB5D7 / SHA1 8874D965CB96F4A4B8B4CCAE149B6F1999399BF8
                              SHA256 BB56659442E2ED18778F7BB210823F3A81DA88F3AF79D0EE2104CE82DBB03C65
 Common Name (CN)             gsmasslciphers.digitalapicraft.com
 subjectAltName (SAN)         gsmasslciphers.digitalapicraft.com
 Issuer                       Let's Encrypt Authority X3 (Let's Encrypt from US)
 Trust (hostname)             Ok via SAN (same w/o SNI)
 Chain of trust               Ok
 EV cert (experimental)       no
 ETS/"eTLS", visibility info  not present
 Certificate Validity (UTC)   89 >= 30 days (2020-03-10 09:40 --> 2020-06-08 09:40)
 # of certificates provided   2
 Certificate Revocation List  --
 OCSP URI                     http://ocsp.int-x3.letsencrypt.org
 OCSP stapling                not offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    not offered
 Certificate Transparency     yes (certificate extension)

 Testing HTTP header response @ "/"
 HTTP Status Code             200 OK
 HTTP clock skew              0 sec from localtime
 Strict Transport Security    730 days=63072000 s, just this domain
 Public Key Pinning           --
 Server banner                nginx/1.16.1
 Application banner           --
 Cookie(s)                    (none issued at "/")
 Security headers             --
 Reverse Proxy banner         --

 Testing vulnerabilities
 Heartbleed (CVE-2014-0160)                not vulnerable (OK), timed out
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (RFC 5746)           supported (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK), no SSLv3 support
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible (OK), no protocol below TLS 1.2 offered
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=BB56659442E2ED18778F7BB210823F3A81DA88F3AF79D0EE2104CE82DBB03C65 could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)

 Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength
Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 521   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 521   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 Running client simulations (HTTP) via sockets
 Android 4.4.2                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 521 bit ECDH (P-521)
 Android 5.0.0                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
 Android 6.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 7.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 8.1 (native)         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 9.0 (native)         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 10.0 (native)        TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 74 (Win 10)           TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 79 (Win 10)           TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 66 (Win 8.1/10)      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 71 (Win 10)          TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 6 XP                      No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 17 (Win 10)             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Opera 66 (Win 10)            TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 9 iOS 9               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 12.1 (iOS 12.2)       TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 13.0 (macOS 10.14.6)  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Apple ATS 9 iOS 9            TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8u161                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 11.0.2 (OpenJDK)        TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 12.0.1 (OpenJDK)        TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.1.0l (Debian)      TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.1.1d (Debian)      TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Thunderbird (68.3)           TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Done 2020-03-10 21:52:13 [0130s] -->> 13.234.216.57:443 (gsmasslciphers.digitalapicraft.com) <<--


I am not sure about the below explanation as seen in the above output. 

Testing server preferences
 Has server cipher order?     no (NOT ok)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 521 bit ECDH (P-521) -- inconclusive test, matching cipher in list missing, better see below
 Negotiated cipher per proto  (matching cipher in list missing)
     ECDHE-RSA-AES256-GCM-SHA384:   TLSv1.2
 No further cipher order check has been done as order is determined by the client

I will appreciate if someone can help me understand it. Does it mean there is some issue? Thanks in advance and I look forward to hearing from you.

Best Regards,

Kaushal 
 

Hi,

Checking in again if someone can pitch in for my earlier post to this mailing list. Thanks in advance and I look forward to hearing from you.

Best Regards,

Kaushal 
 
Reply | Threaded
Open this post in threaded view
|

Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

Michael Wojcik
To enforce the server's cipher order, use SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE).



Testing server preferences
 Has server cipher order?     no (NOT ok)
  ...
No further cipher order check has been done as order is determined by the client

Reply | Threaded
Open this post in threaded view
|

Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

Kaushal Shriyan-2


On Wed, Mar 11, 2020 at 6:36 PM Michael Wojcik <[hidden email]> wrote:
To enforce the server's cipher order, use SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE).



Testing server preferences
 Has server cipher order?     no (NOT ok)
  ...
No further cipher order check has been done as order is determined by the client


Hi Michael,

Thanks for the email. I am not sure if i understand it completely. what does the server's cipher order mean in layman's terms? Any example regarding To enforce the server's cipher order, use SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE) to set it in /etc/nginx/nginx.conf. I am running Nginx web server.

I have the below settings in /etc/nginx/nginx.conf

server {
        listen 443 ssl;
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;
}

Please suggest. I look forward to hearing from you and thanks in advance.

Best Regards, 

Kaushal
Reply | Threaded
Open this post in threaded view
|

Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

Michael Wojcik
(Please send messages to the list, not to me directly.)

In TLS, the client and server negotiate the cipher suite to use. The server makes the final decision. It can pick the client's most-preferred suite from among the ones they share, or it can pick the one it prefers. The current consensus seems to be that the best practice is to pick the suite the server most prefers. You can consult other references such as Ivan Ristic's /Bulletproof SSL and TLS/ book if you want more details.

Having the server pick the suite it prefers is known as enforcing the server's cipher-suite order.

The test you ran is complaining that the server does not enforce its cipher-suite order.

I explained how to do that in OpenSSL. How to do it in nginx is a question for the nginx project, not an OpenSSL problem.


Reply | Threaded
Open this post in threaded view
|

Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

Kyle Hamilton
In reply to this post by Kaushal Shriyan-2
ssl_prefer_server_ciphers on;

On Wed, Mar 11, 2020, 11:58 Kaushal Shriyan <[hidden email]> wrote:


On Wed, Mar 11, 2020 at 6:36 PM Michael Wojcik <[hidden email]> wrote:
To enforce the server's cipher order, use SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE).



Testing server preferences
 Has server cipher order?     no (NOT ok)
  ...
No further cipher order check has been done as order is determined by the client


Hi Michael,

Thanks for the email. I am not sure if i understand it completely. what does the server's cipher order mean in layman's terms? Any example regarding To enforce the server's cipher order, use SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE) to set it in /etc/nginx/nginx.conf. I am running Nginx web server.

I have the below settings in /etc/nginx/nginx.conf

server {
        listen 443 ssl;
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;
}

Please suggest. I look forward to hearing from you and thanks in advance.

Best Regards, 

Kaushal
Reply | Threaded
Open this post in threaded view
|

Re: Negotiated cipher per proto (matching cipher in list missing). No further cipher order check has been done as order is determined by the client

Kaushal Shriyan-2

On Thu, Mar 12, 2020 at 1:01 AM Kyle Hamilton <[hidden email]> wrote:
ssl_prefer_server_ciphers on;

On Wed, Mar 11, 2020, 11:58 Kaushal Shriyan <[hidden email]> wrote:


On Wed, Mar 11, 2020 at 6:36 PM Michael Wojcik <[hidden email]> wrote:
To enforce the server's cipher order, use SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE).



Testing server preferences
 Has server cipher order?     no (NOT ok)
  ...
No further cipher order check has been done as order is determined by the client


Hi Michael,

Thanks for the email. I am not sure if i understand it completely. what does the server's cipher order mean in layman's terms? Any example regarding To enforce the server's cipher order, use SSL_CTX_set_options(ctx, SSL_CTX_get_options(ctx) | SSL_OP_CIPHER_SERVER_PREFERENCE) to set it in /etc/nginx/nginx.conf. I am running Nginx web server.

I have the below settings in /etc/nginx/nginx.conf

server {
        listen 443 ssl;
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;
}

Please suggest. I look forward to hearing from you and thanks in advance.

Best Regards, 

Kaushal


Thanks Michael for the explanation and much appreciated. Thanks a lot, Kyle for the reply.